Hello again, I need some assistance on how I could extract logs with less information. For instance, regular logs have full information while some logs have shorter information (see below). I tried adding two formats in grok, but it does not seem able to parse the logs with less information. Thank you in advance.
Example:
Regular logs: <164> http_scan: 1234567890 1 10.1x.xxx.xx x99.xx.1xx.2xx application/x-protobuf 10.xx.xxx.xx https://example.com 230 BYF ALLOWED CLEAN 2 0 0 0 0 (-) 0 - 0 - 0 example.com business [ldap0:user01] https://example.com business 0
Other logs: <164> http_scan: 1234567890 1 10.1x.xxx.xx x99.xx.1xx.2xx image/jpeg 10.xx.xxx.xx https://example.com/ 14067 BYF ALLOWED CLEAN 0
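One way to handle both line shapes with a single pattern, as an added example that is not the poster's config: make the common prefix mandatory and wrap everything after the first counter following CLEAN in one optional non-capturing group. Ruby's regexp engine (Onigmo) is the same family grok compiles its patterns to, so the same `(?: ... )?` construct works inside a grok pattern. The field names (pri, ts, src_ip, flags, user, and so on) are illustrative guesses, not a vendor schema, and the two sample lines are copied from the post.

```ruby
# Added example: parse both http_scan shapes from the post with one pattern.
# Field names are illustrative guesses, not from any product documentation.
HTTP_SCAN = /\A
  <(?<pri>\d+)>\s+http_scan:\s+
  (?<ts>\d+)\s+(?<seq>\d+)\s+
  (?<src_ip>\S+)\s+(?<dst_ip>\S+)\s+
  (?<content_type>\S+)\s+(?<proxy_ip>\S+)\s+
  (?<url>\S+)\s+(?<bytes>\d+)\s+
  (?<policy>\S+)\s+(?<action>\S+)\s+(?<verdict>\S+)\s+(?<n1>\d+)
  (?:\s+                                   # everything from here on is optional
    (?<flags>\d+\s+\d+\s+\d+\s+\d+\s+\S+\s+\d+\s+\S+\s+\d+\s+\S+\s+\d+)\s+
    (?<domain>\S+)\s+(?<category>\S+)\s+\[(?<user>[^\]]+)\]\s+
    (?<url2>\S+)\s+(?<category2>\S+)\s+(?<n2>\d+)
  )?
  \s*\z
/x

# Returns a Hash of the named groups that matched, or nil when the line
# does not fit either shape (so a grok-style _grokparsefailure can be raised).
def parse_http_scan(line)
  m = HTTP_SCAN.match(line)
  return nil unless m
  # Drop groups that did not participate, so short lines carry no nil fields
  m.names.each_with_object({}) { |name, h| h[name] = m[name] unless m[name].nil? }
end

# Constructed sample lines, copied from the two shapes shown in the post
LONG  = "<164> http_scan: 1234567890 1 10.1x.xxx.xx x99.xx.1xx.2xx application/x-protobuf 10.xx.xxx.xx https://example.com 230 BYF ALLOWED CLEAN 2 0 0 0 0 (-) 0 - 0 - 0 example.com business [ldap0:user01] https://example.com business 0"
SHORT = "<164> http_scan: 1234567890 1 10.1x.xxx.xx x99.xx.1xx.2xx image/jpeg 10.xx.xxx.xx https://example.com/ 14067 BYF ALLOWED CLEAN 0"

if __FILE__ == $PROGRAM_NAME
  [LONG, SHORT].each { |l| p parse_http_scan(l) }
end
```

In grok the same idea reads as `... %{WORD:verdict} %{INT:n1}( %{GREEDYDATA:ext})?` (or the fully spelled-out tail as above). If you keep two separate patterns instead, remember that grok tries them in array order and stops at the first match, so the short pattern must either be listed after the long one or be anchored with `$`, otherwise it will also match the long lines and the trailing fields are silently lost.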